Reply
Highlighted

OpenVPN Update?

The deadline for the update for OpenVPN to stop using md5 has now passed, and even though Netgear said the update would be out before the deadline (I didn't really even believe it back then) here we are on May 3rd and there's still no update for our systems...

 

Could someone at Netgear please chime in and explain why it's taken over a year to roll out this update, and why we're not over the deadline with no idea when you folks will provide us a working update?

Message 1 of 9
Highlighted
Luminary

Re: OpenVPN Update?

MD5 was considered insecure for use in certificates nearly 10 years ago. Netgear does not now, and never has cared about security.

 

 

Message 2 of 9
Highlighted

Re: OpenVPN Update?

So I guess this is the norm, right? Ignore problems until users just move on to a more reliable product? Glad I kept my Amplifi routers!

Message 3 of 9
Highlighted
Aspirant
Aspirant

Re: OpenVPN Update?

Netgear, can you please provide an update on when the firmware update is coming that will support SHA256 certificates in lieu of MD5 for OpenVPN.  You released an update for the R8000 on 5/25.  When will orbi RBR50 be updated to support this?

Message 4 of 9
Highlighted
Tutor

Re: OpenVPN Update?

An update on if they are working on the issue would be appreciated indeed.

Model: RBR50| Orbi AC3000 Tri-band WiFi (Router Only)
Message 5 of 9

Re: OpenVPN Update?

At this point it's been over a month since the cutoff, and Netgear STILL has not provide any response that I would deem as valuable. This is honestly ridiculous as it's been a known thing for a year now, and they still have not addressed this. It really does feel like they're ignoring this in hopes it will just go away. Pathetic.

Message 6 of 9
Highlighted
Guru

Re: OpenVPN Update?

Might connect with one of the forum Moderators about this...

 

@DarrenM


My Setup (Cable 900Mbps/50Mbps)>CAX80(Modem Mode)>RBK853 v3.2.16.6(Router Mode)

Additional NG HW: C7800/CM1100/CM1200/CM2000, Orbi CBK40, RBK853, R7800, R7960P, EX7500/EX7700, XR450 and WNHDE111
Message 7 of 9
Highlighted
NETGEAR Moderator

Re: OpenVPN Update?

Message 8 of 9
Highlighted
Aspirant

Re: OpenVPN Update?

Well, that update may deal with a (very) old problem, but it still lags insofar that the "smartphone" VPN generation immediately yields warnings from modern software that there is more that needs updating.

 

To wit, the output from Tunnelblick is rather detailed about what the problem is:

 

Warning: This VPN may not connect in the future.

The OpenVPN configuration file for 'smart_phone' contains these OpenVPN options:

'comp-lzo' was deprecated in OpenVPN 2.4 and removed in OpenVPN 2.5

You should update the configuration so it can be used with modern versions of OpenVPN.

Tunnelblick will use OpenVPN 2.4.6 - OpenSSL v1.0.2o to connect this configuration.

However, you will not be able to connect to this VPN with future versions of Tunnelblick that do not include a version of OpenVPN that accepts the options.

 

I guess you can't get it more detailed than that.  

 

Given that Netgear has made setting up "back to base" VPNs incredibly easy, it would be disappointed to discover that that was a one off.  I am very impressed with the Orbi (to the point of having installed two pairs elsewhere already) so I would hope that Netgear keeps up this winning streak.

 

The actual warning that pops up.The actual warning that pops up.

Message 9 of 9
Top Contributors
Discussion stats
  • 8 replies
  • 2280 views
  • 3 kudos
  • 7 in conversation
Announcements